Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.50467 |
Categoría: | Ubuntu Local Security Checks |
Título: | Ubuntu 4.10 USN-31-1 (cyrus21-imapd) |
Resumen: | NOSUMMARY |
Descripción: | Description: The remote host is missing an update to cyrus21-imapd announced via advisory USN-31-1. Stefan Esser discovered several buffer overflows in the Cyrus IMAP server. Due to insufficient checking within the argument parser of the 'partial' and 'fetch' commands, an argument like 'body[p' was detected as 'body.peek'. This could cause a buffer overflow which could be exploited to execute arbitrary attacker-supplied code. This update also fixes an exploitable buffer overflow that could be triggered in situations when memory allocation fails (i. e. when no free memory is available any more). Both vulnerabilities can lead to privilege escalation to root. The following packages are affected: cyrus21-imapd Solution: The problem can be corrected by upgrading the affected package to version 2.1.16-6ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. http://lists.ubuntu.com/archives/ubuntu-security-announce/2004-November/000033.html http://security.e-matters.de/advisories/152004.html Risk factor : Critical CVSS Score: 10.0 |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1012 Bugtraq: 20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110123023521619&w=2 Debian Security Information: DSA-597 (Google Search) http://www.debian.org/security/2004/dsa-597 http://security.gentoo.org/glsa/glsa-200411-34.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:139 http://security.e-matters.de/advisories/152004.html http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 http://secunia.com/advisories/13274/ https://www.ubuntu.com/usn/usn-31-1/ XForce ISS Database: cyrus-imap-commands-execute-code(18199) https://exchange.xforce.ibmcloud.com/vulnerabilities/18199 Common Vulnerability Exposure (CVE) ID: CVE-2004-1013 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |